W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2013

Re: HTTP/2.0 -04 candidate

From: Sam Pullara <spullara@gmail.com>
Date: Tue, 2 Jul 2013 09:29:27 -0700
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Message-Id: <0B63EDB3-FF97-4605-89FF-43B4C9CFB09A@gmail.com>
To: Albert Lunde <atlunde@panix.com>
On Jul 2, 2013, at 6:21 AM, Albert Lunde <atlunde@panix.com> wrote:
> On 7/2/2013 12:22 AM, Sam Pullara wrote:
>> I suggest that you limit to same origin and remove the :schema and the
>> :host. It is quite probable that a different host, even if could be
>> served from the same IP address, actually resolves to a different IP
>> address when the client resolves it. Even the same :host could resolve
>> to a different IP address.
> 
> A case where this could become less obvious might be a server or cluster of servers offering a number of name-based virtual hosts. It's fairly common for a virtual host to have two or four aliases.
> 
> Also, there may be shared resources the server knows about that aren't obviously related to a client's view of  "origins", like a host name used to serve particular media types or groups of content, such as shared styles, images, or sounds.

How would the client determine that the server is allowed to serve resources from another origin that doesn't resolve to the same IP address? Serving assets like JavaScript, Flash objects, Java applets, etc. from a particular origin has security implications for the client. Further, if this server can serve it, is there any reason for another origin to be used? Different origins were used in the past for a wide variety of reasons but the most obvious one is that the main origin doesn't have the asset, secondarily to increase concurrency in HTTP/1.1. HTTP/2.0  should get rid of the idea that you need a bunch of different host names to optimally serve your pages that have a lot of resources on them since you only need one connection and they can be muxed together.

Sam
Received on Tuesday, 2 July 2013 16:29:56 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:14 UTC